id summary reporter owner description type status priority milestone component version resolution keywords cc drp_resources i_links o_links remaining_time sprint 232 Session accessing code can disable read security jamoore jamoore "Since read security is based on filters and the Hibernate session provides methods to disable filters, thereby turning read security off. This implies that class-based queries are, in general, dangerous. One fix would be to wrap the Session with a proxy and catch all calls to disable filters. (The proxy would probably also need to implement `SessionImplementor`). " task new major GatherReqs Security 3.0-M3 hibernate,filters,sessions